Critical Warning
Phishing sites targeting darknet marketplace users have stolen millions in cryptocurrency. They work by mimicking the exact appearance of real markets and capturing login credentials or deposit addresses. A single mistake can result in complete loss of funds.
How Phishing Attacks Work
Phishing attacks targeting darknet users typically follow one of these patterns:
Typosquatting
Creating onion URLs that look almost identical to real ones — one character different. V3 onion addresses are 56 characters long, making subtle substitutions nearly impossible to detect by eye.
Fake Forum Links
Impersonating admins or trusted users on Reddit, dark web forums, and Telegram to post "updated" mirror links. Even large communities get compromised this way.
Telegram Scam Bots
Automated bots that DM users with "official" updates containing phishing links. No legitimate market sends unsolicited links via Telegram or email.
Search Engine Poisoning
Paying for search engine placement of phishing pages for darknet-related keywords. Never use search engines to find onion addresses — they show fake results first.
How to Verify You're on the Real Site
Use Only Verified Sources
Only get onion links from our verified /enter page. Never from search engines, social media, or forums.
Check PGP Signature
The real market signs all official announcements with its PGP key. Verify any new mirror against the official key.
Bookmark It
After verifying a link works and matches the PGP signature, bookmark it immediately in Tor Browser. Use the bookmark every future session.
Check for HTTPS
While .onion sites don't use HTTPS, check that the URL exactly matches your bookmarked address character-by-character before entering any credentials.
Warning Signs of a Phishing Page
- 🔴 URL differs even slightly from your bookmarked verified address
- 🔴 Page asks for your email address or phone number (real market never does)
- 🔴 Deposit address shown doesn't match what you see after a Tor circuit refresh
- 🔴 Login page looks slightly different from usual (different fonts, layout, or colors)
- 🔴 Any announcement claiming the site moved to a "new" address without PGP verification
- 🔴 Unusual login issues or password "resets" being requested
- 🔴 TorZon Url shared in a DM, Telegram message, or forum post by anyone claiming to be admin
What to Do If You've Been Phished
Immediate Steps
1. Do not make any deposits to the phishing site. 2. Close Tor Browser immediately. 3. If you entered your password, assume your account is compromised — access via a verified link and change credentials immediately. 4. If you sent cryptocurrency, unfortunately recovery is not possible — this is why never depositing more than needed is critical.